The FreeBSD Project

FreeBSD is a registered trademark of Wind River Systems, Inc. This is expected to
change soon.

Intel, Celeron, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or
registered trademarks of Intel Corporation or its subsidiaries in the United States and
other countries.

Sparc, Sparc64, SPARCEngine, and UltraSPARC are trademarks of SPARC International, Inc.
in the United States and other countries. Products bearing SPARC trademarks are based
upon architecture developed by Sun Microsystems, Inc.

Many of the designations used by manufacturers and sellers to distinguish their
products are claimed as trademarks. Where those designations appear in this document, and
the FreeBSD Project was aware of the trademark claim, the designations have been followed
by the ``™'' or the ``®'' symbol.

This document lists errata items for FreeBSD 5.1-RELEASE, containing significant
information discovered after the release or too late in the release cycle to be otherwise
included in the release documentation. This information includes security advisories, as
well as news relating to the software or documentation that could affect its operation or
usability. An up-to-date version of this document should always be consulted before
installing this version of FreeBSD.

This errata document for FreeBSD 5.1-RELEASE will be maintained until the release of
FreeBSD 5.2-RELEASE.

This errata document contains ``late-breaking news'' about FreeBSD 5.1-RELEASE. Before
installing this version, it is important to consult this document to learn about any
post-release discoveries or problems that may already have been found and fixed.

Any version of this errata document actually distributed with the release (for
example, on a CDROM distribution) will be out of date by definition, but other copies are
kept updated on the Internet and should be consulted as the ``current errata'' for this
release. These other copies of the errata are located at
http://www.FreeBSD.org/releases/, plus any sites which keep up-to-date mirrors of this
location.

Source and binary snapshots of FreeBSD 5-CURRENT also contain up-to-date copies of
this document (as of the time of the snapshot).

The implementation of the realpath(3) function contained a single-byte buffer overflow
bug. This had various impacts, depending on the application using realpath(3) and other
factors. This bug was fixed on the 5-CURRENT development branch before 5.1-RELEASE;
FreeBSD 5.1-RELEASE is therefore not affected. However, this change was not noted in the
release documentation. For more information, see security advisory FreeBSD-SA-03:08.

The kernel contains a bug that could allow it to attempt delivery of invalid signals,
leading to a kernel panic or, under some circumstances, unauthorized modification of
kernel memory. This bug has been fixed on the 5-CURRENT development branch and the
5.1-RELEASE security fix branch. For more information, see security advisory FreeBSD-SA-03:09.

A bug in the iBCS2 emulation module could result in disclosing the contents of kernel
memory. (Note that this module is not enabled in FreeBSD by default.) This bug has been
fixed on the 5-CURRENT development branch and the 5.1-RELEASE security fix branch. More
information can be found in security advisory FreeBSD-SA-03:10.

OpenSSH contains a bug in its buffer management code that
could potentially cause it to crash. This bug has been fixed via a vendor-supplied patch
on the 5-CURRENT development branch and the 5.1-RELEASE security fix branch. For more
details, refer to security advisory FreeBSD-SA-03:12.

sendmail contains a remotely-exploitable buffer overflow.
This bug has been fixed via a new version import on the 5-CURRENT development branch and
via a vendor-supplied patch on the 5.1-RELEASE security fix branch. More details can be
found in security advisory FreeBSD-SA-03:13.

The FreeBSD ARP code contains a bug that could allow the kernel to cause resource
starvation which eventually results in a system panic. This bug has been fixed on the
5-CURRENT development branch and the 5.1-RELEASE security fix branch. More information
can be found in security advisory FreeBSD-SA-03:14.

Several bugs in the OpenSSH PAM authentication code could
have impacts ranging from incorrect authentication to a stack corruption. These have been
corrected via vendor-supplied patches; details can be found in security advisory FreeBSD-SA-03:15.

The implementations of procfs(5) and linprocfs(5) contain a bug that could result in
disclosing the contents of kernel memory. This bug has been fixed on the 5-CURRENT
development branch and the 5.1-RELEASE security fix branch. More information can be
found in security advisory FreeBSD-SA-03:17.

OpenSSL contains several bugs which could allow a remote
attacker to crash an OpenSSL-using application or to execute
arbitrary code with the privileges of the application. These bugs have been fixed via a
vendor-supplied patch on the 5-CURRENT development branch and the 5.1-RELEASE security
fix branch. Note that only applications that use OpenSSL's
ASN.1 or X.509 handling code are affected (OpenSSH is
unaffected, for example). More information can be found in security advisory FreeBSD-SA-03:18.

BIND contains the potential for a denial-of-service attack.
This vulnerability has been addressed by a vendor patch on the 5.1-RELEASE security fix
branch and by the import of a new version to the 5-CURRENT development branch. For more
information, see FreeBSD-SA-03:19.

The RAIDframe disk driver described in raid(4) is
non-functional for this release.

ACPI seems to make some i386™ machines unstable.
Turning off ACPI support may help solve some of these problems; see an item in Section 4.

An integer overflow could cause kernel panics on PAE-using machines with certain
memory sizes. This bug has been corrected on both the RELENG_5_1 and HEAD branches. A
workaround for this problem is to remove some memory, update the system in question, and
reinstall the memory.

Attempting to write to an msdosfs(5) file system that has been upgraded from read-only
to read-write via mount -u will cause the system to lock up. To work around this
problem, unmount the file system first, then mount it again with the appropriate options
instead of using mount -u.

ipfw(4) should
work correctly on strict-alignment 64-bit architectures such as alpha and Sparc64®.

The release notes should have stated that the libthr library
is built by default for the i386 platform.

FreeBSD 5.1-RELEASE includes some new boot loader scripts designed to make booting
FreeBSD with different options easier. This may help diagnose bootstrapping problems.
These scripts build on the existing Forth-based boot loader scripts (thus,
/boot/loader.conf and other existing loader configuration files still apply). They are
only installed by default for new binary installs on i386 machines. The new scripts
present a boot-time menu that controls how FreeBSD is booted, and include options to turn
off ACPI, a ``safe mode'' boot, single-user booting, and verbose booting. ``Safe mode''
booting can be particularly useful when compatibility with a system's hardware is
uncertain, and sets the following kernel tunable variables:

For new installs on i386 architecture machines, sysinstall(8)
will try to determine if ACPI was disabled via the new boot loader scripts mentioned
above, and if so, ask if this change should be made permanent.

The release notes should have mentioned that work on the following features was
sponsored by the Defense Advanced Research Projects Agency (DARPA): OpenPAM, NSS support,
PAE support, various MAC framework updates, and the GEOM disk geometry system.